STIGQter: STIG Summary: Video Services Policy STIG Version: 1 Release: 11 Benchmark Date: 24 Apr 2020: STIGQter: STIG Summary: Video Services Policy STIG Version: 1 Release: 11 Benchmark Date: 24 Apr 2020:SV-18865r2_rule
V-17691
RTS-VTC 2028
RTS-VTC 2028.00
CAT II
10
Configure the classified videoconferencing system to authenticate with a unique user logon prior to performing functions and services. Additionally, configure the video endpoint with the following:
- Configure unique (non-default/non-shared) IDs for each privileged and user account, to include an administrator test account. Note this is best accomplished using a central user management system, such as RADIUS or TACACS+. Authentication must meet current DoD requirements and may implement username/password or multifactor authentication (DoD PKI token preferred).
- Configure video endpoints to require unique user identities to authenticate at first logon and when unlocking.
- Configure video endpoints to automatically lock after 15 minutes of inactivity.
- Configure video endpoints to display incoming call notifications while locked (a unique ID is required to activate the video endpoint and answer the call).
Review site documentation to confirm the classified videoconferencing system authenticates using a unique user logon prior to performing functions and services. The video endpoint must not be capable of placing or answering a call unless it is unlocked by a user logon. Additionally, ensure the video endpoint configuration settings are as follows:
- Unique (non-default/non-shared) IDs for each privileged and user account, to include an administrator test account. Note this is best accomplished using a central user management system, such as RADIUS or TACACS+. Authentication must meet current DoD requirements and may implement username/password or multifactor authentication (DoD PKI token preferred).
- Video endpoints to require unique user identities to authenticate at first logon and when unlocking.
- Video endpoints to automatically lock after 15 minutes of inactivity.
- Video endpoints to display incoming call notifications while locked (a unique ID is required to activate the video endpoint and answer the call).
If the classified videoconferencing system is not configured as above, this is a finding. If the classified videoconferencing system does not authenticate using a unique user logon prior to performing functions and services, this is a finding.
V-17691
False
RTS-VTC 2028.00
Review site documentation to confirm the classified videoconferencing system authenticates using a unique user logon prior to performing functions and services. The video endpoint must not be capable of placing or answering a call unless it is unlocked by a user logon. Additionally, ensure the video endpoint configuration settings are as follows:
- Unique (non-default/non-shared) IDs for each privileged and user account, to include an administrator test account. Note this is best accomplished using a central user management system, such as RADIUS or TACACS+. Authentication must meet current DoD requirements and may implement username/password or multifactor authentication (DoD PKI token preferred).
- Video endpoints to require unique user identities to authenticate at first logon and when unlocking.
- Video endpoints to automatically lock after 15 minutes of inactivity.
- Video endpoints to display incoming call notifications while locked (a unique ID is required to activate the video endpoint and answer the call).
If the classified videoconferencing system is not configured as above, this is a finding. If the classified videoconferencing system does not authenticate using a unique user logon prior to performing functions and services, this is a finding.
M
Other
1418